(57) ABSTRACT

An access control technique to limit access to information content such as available on the Internet. The technique is implemented within a network device such as a proxy server, router, switch, firewall, bridge or other network gateway. The access control process analyzes data in each request from the clients and determines if the request should be forwarded for processing by a server to which it is destined. Access control may be determined by comparing client source information against a database of Uniform Resource Locators (URLs), IP addresses or other resource identification data specifying the data requested by the client. The invention, therefore, provides access control not based only upon content, but rather, based primarily upon the identity of the computers or users making the requests. The technique further avoids the problems of the prior art which categorizes or filters the content of only web pages based solely upon objectionable words. This is because a category database is used by the network device to control access and is created via a process involving human editors who assist in the creation and maintenance of the category database.

27 Claims, 4 Drawing Sheets 
ACCESS CONTROL OF NETWORKED DATA

BACKGROUND OF THE INVENTION

Computer networks, including private intranets and the publicly accessible Internet, have grown dramatically in recent years, to the point where millions of people all over the world use them on a daily basis. The surge in the popularity of computer network use is due in large part to the vast amounts of data and information that is readily available to people at a relatively small cost.

As an example, a computer network application that uses a suite of protocols known as the World Wide Web, or simply "the web", permits computer users connected to the Internet to "browse" "web pages". To browse or "surf" the web, a person operates a client computer that executes an application program called a "web browser". The browser allows the user to submit requests for "web pages", which are data files stored at remote server computers called "web servers". The browser may also allow access to other protocols and file types beside web pages. The web servers return the requested pages and/or data to the browser for presentation to the user on the client computer. It is now common for web pages to contain many types of multimedia data including text, sound, graphics, still images and full motion video.

Like many other applications that use computer networks, the web uses various protocols to provide fast and efficient data communication. The process of requesting, sending and receiving web pages and associated data (i.e., surfing the web) over the Internet is handled primarily by a communication protocol known as the Hyper-Text Transfer Protocol (HTTP). However, web browsers and other networking applications can also use many other protocols such as the File Transfer Protocol (FTP), the Telnet protocol, Network News Transfer Protocol (NNTP), Wide Area Information Services (WAIS), the Gopher protocol, Internet Group Management Protocol (IGMP) for use in Multicasting, and so forth. Typically, these protocols use the data communication facilities provided by a standardized network layer protocol known as the Transmission Control Protocol/Internet Protocol (TCP/IP) to perform the data transactions described above.

Unfortunately, none of the aforementioned applications, protocols, nor TCP/IP itself provides any built-in control mechanisms for restricting access to web servers, pages of data, files or other information which the protocols can obtain and provide from servers. Restricted access to servers or data, for example, on the world wide web, may be useful in the home to deny access to objectionable web page material requested by children. A similar need is increasingly felt by information technology professionals in the corporate environment. Within many companies, reliable and ubiquitous access to computer networks is now a requirement of doing business. However, management increasingly feels the need to control Internet access, not only to prevent employees from displaying objectionable material within the workplace, but also to place limits, where appropriate, upon who can access certain information, such as web page content for example, and when this access should be granted. There is increasing concern within many companies, for example, that without some type of control on Internet access, certain workers will spend all day reading web pages devoted to news, sports, hobbies, and the like, or will download entertainment related software, for example via FTP, rather than access the web pages or data files which assist them in doing their job.




Currently available access control mechanisms for net- 
worked data are typically provided by either the server 
software, such as web or database server applications, or the 
client browser or client terminal software or a combination 
of both. 

Various systems have been developed in an attempt to 
control access to networked data files in some way. For 
instance, U.S. Pat. No. 5,708,780 discloses a system for 
controlling access to data stored on a server. In that system, 
requests for protected data received at the server must 
include a special session identification (SID) appended 
within the request, which the server uses to authenticate the 
client making the request. If the SID is not present, the 
server requires an authorization check on the requesting 
client by forwarding the original request to a special autho- 
rization server. The authorization server then interrogates 
the client that made the request in order to establish an SID 
for this client. The SID is then sent to the client, and the 
client can then re-request the protected data using the new 
SID. In this system, access control is performed by customi- 
zation of both the client and the server, and requires a 
separate authentication server. 

Other schemes have been developed which place access control responsibility squarely within the client. Typically, these systems use what is known as data-blocking or web-blocking software. This software gets installed onto the client computer and controls the ability of the client browser software to receive data from certain restricted servers. As an example, for restricting access to web pages, client computers can install web-blocking software called Surf-Watch from SurfWatch, Inc., a division of Spyglass Software, Inc. Surf-Watch examines incoming web page data against a restricted content database. When a web page arrives at the client containing, for example, text data including obscenities that are listed in the restricted content database, the Surf-Watch program detects these words and disables the ability of the browser to display the page and informs the user that the page is restricted. This procedure is generally referred to as content filtering, since the actual content of the page or data itself is used to make access control decisions.

The person who administers such software (typically a 
parent or information technology professional) is respon- 
sible for selecting which topics or words of content are to be 
filtered. For example, Surf-Watch allows the installer to 
select topics related to sexual material, violence, gambling, 
and drugs or alcohol. These topics define vocabularies of 
words that will be used to define the scope of the restricted 
content database. Any page that is received and that contains 
a word defined within these categories will not be displayed 
to the user. 

SUMMARY OF THE INVENTION 

Prior art systems used for limiting access to data on the networked computers, such as those used for the world wide web, suffer certain drawbacks. For instance, in systems that place access control at the server, it is up to the administrator of the server to decide who should and should not have access to the data being served. Systems using authentication servers also require each client of the access control system to be customized in order to correctly append the SID to each request. The separate authentication communication between the server, the authentication server and the client creates additional network traffic; this in turn means that access times are slowed considerably, since they must first be processed by the remote authentication server.
In systems that place access control at the client, it is up to the administrator of each client computer (i.e. the parent or information technology professional) to determine how the access control software is installed and configured on the client computer. Since client browsing and access control software is typically installed on a personal computer, easy access to the operating system and software stored on the computer disk makes it possible for the restricted users (i.e., children or employees) to de-configure or un-install the blocking software, unbeknownst to the administrator. In environments such as schools and corporations, maintaining each client installation of, for example, web-blocking software as a separate system thus becomes a quite cumbersome administrative task.

Furthermore, content filtering based solely upon supposedly objectionable words is not foolproof. For example, a word such as "breast" might be considered to be objectionable, and the blocking software might typically be set to block access to any web page or data file requested that contains that word. However, a web page or FTP site, for example, as published by a respected government research center, may in and of itself not be objectionable simply because it contains pages or files containing that word. Indeed, such a page or file may be highly relevant and even desirable for access by, for example, a high school student performing research for a science project devoted to cancer risks in adult women.

In other instances, there may not be keywords associated with objectionable content. For example, a web page may simply consist of one or more objectionable pictures without embedded keywords. Similarly, an FTP site may simply consist of a directory with one or more graphics files which are objectionable. Content filtering based on keywords does not help with either situation.

The present invention overcomes these and other problems of prior art network data access control systems. This invention exists typically as a software program installed on a network device interconnected between, typically, a first and second computer network. The network device may, for example, be a proxy server, router, switch, firewall, bridge or other network gateway. The first network may be a local area network (LAN) located, for example, at an Internet service provider (ISP) or within a corporate or other private intranet. The second network may be the Internet or other large wide area network.

The network device is responsible for controlling access by client computers to data available from server computers, when those requests are made via any one or more of a variety of protocols such as HTTP, FTP, Gopher, Telnet, WAIS, NNTP, and so forth. The invention is extendable to provide access control for other types of data access protocols used to transfer data between computers as well, such as protocols that will arrive in the future to perform data exchange or data transactions. The network device includes, typically, a data processor providing a first interface for receiving requests from clients, such as may be connected to the first network, for data stored on servers on the second network.

The network device also includes an access control process coupled to the first interface. The access control process analyzes data in each request from the clients and determines if the request should be forwarded to the second network for processing by a server to which it is destined. The determination to forward or not is made by cross referencing information in the request with access control data in at least one access control database, that may be, for example, stored locally within the network device or that can be provided from a remote source, such as a subscription service providing periodic access control database updates. By automating the access control database update process, the invention does not have to burden its users with constant maintenance.

The network device also includes a second interface coupled between the first and second network and the access control process. The second interface forwards the requests from the first interface to the servers on the second network if the access control process determines the request should be forwarded to the second network for processing by a server to which it is destined. The information in a request provides the required information, including address data indicating a source of the request and also may include either a Uniform Resource Locator (URL) or an address of the data specifying a specific page of data, a "web page", a file, or a specific service to be supplied by a remote server to which that request is destined. That is, no matter what the application is, such as world wide web access, FTP access, Telnet access, and so forth, the information in the request identifies the source (i.e., who or which client is making the request) and identifies what server or remote computer will supply data in response to the request. This information is matched to the access control databases of the invention before being allowed to be forwarded from the second interface.

In this manner, the invention provides access control not primarily upon content, and not at either the server or the client, but rather, based upon the requests made by whom, at what times, and according to different categories of subject matter, as will be explained in detail below.

The invention further avoids the problems of the prior art which categorizes or filters the content of web pages based solely upon objectionable words. For example, the category database used by the network device to control access is preferably created via a process involving human editors who assist in the creation and maintenance of the category database. The editors review the URLs or addresses of new uncategorized web pages, data files, or server machines, and evaluate the content of the web site and web pages or data files or server information referenced by the URL or address, placing that URL or address into one or more of the categories.

The invention also provides for automatic updating of the various access control databases, for example, over the network, so that the access control mechanism is always using the most recently discovered network data which is determined to be restricted in content. Automatic updates may be provided, for example, using SNMP managed network devices to synchronize local access control database(s) with a master database, for example.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular description of preferred embodiments of the invention, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the invention.

FIG. 1 illustrates an example networked computer environment in which the present invention may be used.

FIG. 2 shows a flow chart of the general processing steps for configuring the databases used by the invention.

FIG. 3 illustrates a simplified example of the contents of a packet as used in this invention.

FIG. 4 shows a flow chart of the general processing steps performed by a network device according to this invention.

DETAILED DESCRIPTION OF A PREFERRED
EMBODIMENT

FIG. 1 illustrates an example networked computer environment 30 in which the present invention may be implemented. The networked computer environment 30 includes a first or Local Area Network (LAN) 40 composed of client computer hosts ("clients") 50 through 53, a second or Wide Area Network (WAN) 45 including server computer hosts ("servers") 54 through 56, and a network device 100 having access control databases 203, 204 and 208. The network device 100 is connected to permit data communication between the Local Area Network 40 and Wide Area Network 45, and is in particular configured according to the present invention to provide an access control mechanism for all data information requests made from clients to servers, such as, for example, web page, news server, or FTP data or application download requests.

While the invention is applicable to many types of data 
transfer operations made from client to server computers, the 
preferred embodiment described herein relates primarily to 
world wide web page access. However, it is to be understood 
that the invention is applicable to access control to other 
types of data provided by other protocols such as Gopher 
data provided by Gopher servers, FTP servers, Usenet News 
servers, Multicast Backbone (MBONE) Servers, and so 
forth. The invention may also be used to restrict access to 
actual application software provided by servers, such as, for 
example, Java applets served from dedicated application 
servers. 

In FIG. 1, the Local Area Network (LAN) 40 inter-networks the clients 50 through 53, and the Wide Area Network (WAN) 45 inter-networks the servers 54 through 56. WAN 45 may be, for example, the Internet, and LAN 40 may be, for example, any type of computer network such as one used in a corporate, institutional, Internet service provider (ISP) or similar setting in which multiple computers access each other and the WAN 45. The LAN 40 and/or WAN 45 may be implemented using Ethernet, ATM, FDDI, SONET, token-ring, wireless or other types or combinations of physical network layer topologies.

The clients and servers 50 through 56 may be workstations, personal computers, or other data processing devices linked via the LAN and WAN communication mediums which operate a protocol that supports high-speed data communications, such as, for example, the Transmission Control Protocol/Internet Protocol (TCP/IP).

The LAN 40 is coupled via a network link 41 to the network device 100, which is in turn coupled to the WAN 45 via network link 46. The network device 100 may be, for example, a router, proxy server, firewall, bridge, hub, switch, or other switching or network device that allows data, usually in the form of frames, packets or datagrams, to be transferred back and forth between the LAN 40 and the WAN 45. In the context of this invention, network device 100 is usually owned and administered by the same organization that owns and administers the LAN 40. The network device 100 serves as the "gateway" through which all data communications must pass between the two networks 40 and 45. Such a gateway may be located at an Internet service provider (ISP) wherein the clients are connected to the LAN via dial-up modems, or within a corporate or other institutional environment, between the LAN and an Internet connection. While not shown, it is noted that the invention may employ more than one network device 100 to provide access control to clients on LAN 40 between many different WAN's or to the same WAN 45.

As a "gateway", the network device 100 according to this invention is configured also to monitor the data communications that pass between clients connected to the LAN 40 and servers connected to the WAN 45. The network device 100 can, for example, detect requests for web pages, files or other data from any of clients 50 through 53 to servers 54 through 56. The network device 100 then either allows or denies the detected web page or information requests based on an examination of the content of the specific requests in comparison with access control data stored in databases 203, 204 and 208.






By locating the access control decisions in neither the server nor client computers 50-56, but, rather, within network device 100, web page and data access for all clients 50 through 53 may be controlled as a group, without any separate client or server configuration required from the administrator who operates the network device 100. Also, since a firewall, bridge, router or gateway to the Internet, for example, is typically isolated from physical and login access by users, a trusted systems administrator can be responsible for administering an access control policy which is more difficult to circumvent than when left up to the users of the clients or servers.

In order for network device 100 to be able to make access control decisions regarding requests for web pages, files or other information provided by servers, it must be configured with access control data such as stored in databases 203, 204 and 208. The access control data defines which clients can access which web pages or data from remote servers at what times and under what conditions. Users of the client computers in this invention are assigned to various groups, which may, for example, be based on that person's responsibilities within the organization that is using the system of this invention. If a user is in a particular group, the invention can further limit access control to, for example, web pages, data, programs, files or documents for that group at certain times, while not limiting access at other times. Still further, this invention provides the ability to limit access control to web pages or data provided by servers that fall into many different categories. That is, access control is provided based on the categories or types of data to be accessed, on groups of users, and on the time during which access is requested.

As an example, in a high school environment having a LAN within the school, the network device of the invention can have access control databases configured to restrict access to a remote network server that serves (i.e., allows remote playing of) Java applet chess games. The network device would allow access to the server only by the chess club members of the school and only if they are using the chess club computers in the chess club meeting room and only during chess club meeting hours. Other users of the school's LAN computer network using computers located elsewhere in the school at different times (or even during chess club hours) can be restricted from accessing this server over the Internet using the invention.

An explanation of the databases 203, 204 and 208 will clarify the nature of the access control capabilities of the invention.

Database 203 is called the group/source database. A simple example of the data in this database is shown in Table 1.
TABLE 1

Group/Source Data

GROUP        SOURCE
LIBRARY      CLIENT 50
             CLIENT 51
FACULTY      CLIENT 52
PRINCIPAL    CLIENT 53


In FIG. 1, each client computer 50 through 53 may be associated with one or more groups used for access control in this invention. Suppose, for example, that LAN 40 is used within an elementary school system and the group/source database 203 in Table 1 is configured for such an environment. Client computers 50 and 51 may be located in the library, while client computer 52 may be located in the faculty lounge, and client computer 53 may be in the principal's office. Accordingly, in this example, the group/source database 203 may list the groups in column 1 of Table 1: library, faculty, principal. Each group will have one or more associated client addresses (i.e., sources) and/or usernames identifying which users (via which client computers) are in which groups. Column 2 in Table 1 associates each source client computer to a group.

In the example shown in Table 1, client computer numbers are used. In a preferred embodiment, the computer numbers used by the group/source database 203 are preferably machine addresses (i.e., Internet Protocol ("IP") or Media Access Control ("MAC") addresses, as will be described below) to identify sources, or sources may be broken down even further to the username level, such that no matter which client computer a specific user logs in at, that user will always be associated with his or her respective group. In such a case, groups would have sources containing usernames, instead of hostnames, or sources may be username/hostname pairs. As will be explained, the group/source database 203 will be used to determine who is requesting the information over the network, such as web page data for example, and what their level of access is.

Table 2 below provides an example of the data contained 
in the Group/Category database 204. 

TABLE 2

Group/Category Data

GROUP        RESTRICTED CATEGORIES
LIBRARY      1, 7, 9, 11, 18, 19, 22, 24, 28
             TIME: 1-4 pm
FACULTY      1, 9, 18, 19, 24
             TIME: 8 am-11:59 am, 1 pm-4 pm, Monday-Friday
PRINCIPAL    4, 13, 14, 16, 17, 20, 21, 23, 25, 26, 27
             TIME: 2-4 am, 6-11 pm


As shown in Table 2, data contained in the group/category database 204 associates each group with the restricted categories for that group and other access attributes such as the time of day during which those groups are restricted. For instance, a user of a client computer who is in the faculty group will be restricted from viewing web pages that fall into categories 1, 9, 18 and 24 from 8 am to 11:59 am (i.e., morning work hours) and from 1 pm to 4 pm (i.e., afternoon working hours) during every Monday through Friday (i.e., workdays). The principal of the school, however, is allowed to access all internet servers, web sites, and data at all hours except from 2 to 4 am and 6 to 11 pm. As will be explained shortly, each category is associated with a specific topic, such as sex, violence, drugs, and so forth. In one embodiment of this invention, there are thirty different categories. Thus, if a user of a client computer is excluded from certain categories, when they make a request for a web page or a server location or a data file having an Internet access address that appears in one of those categories in the category/destination database 208 (to be explained), that user will be denied access to that data, file, applet, web page, and so forth.

The data in databases 203 and 204 may be configured by the administrator of the system. The data may be stored in any form of database format, such as in a relational database format, for example. It is noted that databases 203, 204 and 208 must be accessible to network device 100, but need not be located within or directly attached to network device 100. For instance, a file server using the network file system (NFS) can be used to provide network device 100 access to databases 203, 204 and 208, even though the disks storing the data are located elsewhere on LAN 40, for example. Alternatively, the databases 203, 204 and 208 can reside in the network device itself.

The third database used by network device 100 for access control is the category/restricted destination database 208. This database is a key element of the invention, and provides a list of the Uniform Resource Locators (URL's), including URL segments, and IP addresses, for servers containing restricted files, applets, documents, web pages, news groups, Multicast sessions or other content, in each category. The size of the database 208 can vary and may be very large in some instances. An abbreviated example of the contents of the category/restricted destination database is given in Table 3.

TABLE 3

Category/Destination Data

CATEGORY                  URLS                   URL SEGMENTS                    IP ADDRESSES
1. Alcohol                alcohol.com,           /www.drink.com/margarita        12.34.105.23
                          www.drink.com,                                         213.56.3.12
                          www.intoxicated.com                                    224.0.0.0
2. Alternative Lifestyle  /www.hermit.com/       /www.recluse.com/hate-people    201.2.123.67
                                                                                 145.23.1.231

In Table 3, each category is listed as a number, along with its name indicating the subject matter associated with that category. There are only two categories shown in this example for ease of description. The categories are matched in Table 3 and in database 208 with the server address including document locations (e.g., locations of web pages via URLs) and IP address which are to be restricted for a group having those categories. For instance, category 1 is alcohol. In columns 2, 3 and 4 of this category, URL's and segments of URL's and IP addresses are listed which indicate which addresses of files, documents, web pages, web sites and other information on the network, Internet, or world wide web are restricted for access within that category. For instance, under the category alcohol, no access is allowed to the web site in column 2 listed as alcohol.com, and no access is allowed for requests to the IP address 213.56.3.12, which may correspond, for example, to the home page of a bar, brewery, or other drinking establishment.
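To make the three-database decision concrete, the following is an added Python example (not code from the patent) that loads constructed copies of Tables 1 to 3 and evaluates a request by its source group, the group's restriction windows, and the destination category, matching destinations by host name, URL segment and server IP address as the description specifies. The client identifiers, the ISO timestamp wrapper and the default-deny rule for sources absent from the group/source database are assumptions.

```python
from datetime import datetime, time
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample data modelled on Tables 1 to 3 of the description.
# Client identifiers stand in for the IP/MAC addresses or usernames the
# group/source database would hold in a real deployment.
GROUP_SOURCE = {  # database 203: source -> group
    "CLIENT 50": "LIBRARY", "CLIENT 51": "LIBRARY",
    "CLIENT 52": "FACULTY", "CLIENT 53": "PRINCIPAL",
}

# database 204: group -> (restricted categories, restriction windows).
# A window is (weekdays with Monday=0 .. Sunday=6, start time, end time);
# restrictions apply only while the request time falls inside a window.
ALL_DAYS = set(range(7))
WEEKDAYS = set(range(5))
GROUP_CATEGORY = {
    "LIBRARY": ({1, 7, 9, 11, 18, 19, 22, 24, 28},
                [(ALL_DAYS, time(13, 0), time(16, 0))]),
    "FACULTY": ({1, 9, 18, 19, 24},
                [(WEEKDAYS, time(8, 0), time(11, 59)),
                 (WEEKDAYS, time(13, 0), time(16, 0))]),
    "PRINCIPAL": ({4, 13, 14, 16, 17, 20, 21, 23, 25, 26, 27},
                  [(ALL_DAYS, time(2, 0), time(4, 0)),
                   (ALL_DAYS, time(18, 0), time(23, 0))]),
}

# database 208: category -> (restricted hosts, URL segments, IP addresses).
# URL segments are host + path prefixes, i.e. sub-pages below a home page.
CATEGORY_DESTINATION = {
    1: ({"alcohol.com", "www.drink.com", "www.intoxicated.com"},
        {"www.drink.com/margarita"},
        {"12.34.105.23", "213.56.3.12", "224.0.0.0"}),
    2: ({"www.hermit.com"},
        {"www.recluse.com/hate-people"},
        {"201.2.123.67", "145.23.1.231"}),
}


def categories_for(url, server_ip):
    """Return every category whose entries match the request destination.

    A destination matches on an exact host name, on the resolved server IP
    (which is how a multicast address such as 224.0.0.0 is caught), or when
    the requested host+path lies at or below a listed URL segment.
    """
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    location = host + parsed.path.rstrip("/")
    ip = str(ip_address(server_ip))  # normalises and rejects malformed input
    hits = set()
    for category, (hosts, segments, ips) in CATEGORY_DESTINATION.items():
        if host in hosts or ip in ips:
            hits.add(category)
        elif any(location == seg or location.startswith(seg + "/")
                 for seg in segments):
            hits.add(category)
    return hits


def in_window(when, windows):
    """True if the request time lies inside any restriction window."""
    return any(when.weekday() in days and start <= when.time() <= end
               for days, start, end in windows)


def decide(source, url, server_ip, when):
    """Gateway decision for one request; returns (verdict, reason)."""
    group = GROUP_SOURCE.get(source)
    if group is None:
        # Assumed policy: a source absent from database 203 is not forwarded.
        return "DENY", "unknown source"
    restricted, windows = GROUP_CATEGORY[group]
    if not in_window(when, windows):
        return "ALLOW", "outside restriction hours for " + group
    hits = categories_for(url, server_ip) & restricted
    if hits:
        return "DENY", "category %s restricted for %s" % (sorted(hits), group)
    return "ALLOW", "no restricted category matched"


def decide_at(source, url, server_ip, iso_timestamp):
    """Convenience wrapper taking an ISO 8601 timestamp string."""
    return decide(source, url, server_ip, datetime.fromisoformat(iso_timestamp))


if __name__ == "__main__":
    # A faculty-lounge client asking for a sub-page of www.drink.com during
    # Monday morning work hours is refused; the same request at lunch passes.
    for stamp in ("2024-01-08T09:00", "2024-01-08T12:30"):
        print(stamp, decide_at("CLIENT 52", "http://www.drink.com/margarita/recipes",
                               "12.34.105.23", stamp))
```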
As another example, in the IP address column in Table 3, IP address 224.0.0.0 is listed, which corresponds to a special type of IP address reserved for Multicast Broadcast data streams. Thus, access to Multicast data streams accessed via user applications running on clients 50 through 53 may be restricted as well, through the use of this invention. This example illustrates that the invention is applicable to restricting access to data other than just world wide web page or URL data. Those skilled in the art will now readily understand that other address mechanisms which may be similar in nature to URL or IP addresses may be incorporated into this invention to restrict access to the locations of data, documents, files or the like over a computer network.

In this invention, the category database 208 is created separately for the operation of the network device 100, for example, by a third party other than the owner and administrator of the network device 100. That is, since the category database must contain, for example, all of the web site URL's, home page addresses, IP addresses, news groups, data and file locations, and other information indicating destinations for requests that are to be restricted, this information can become quite voluminous, and in a preferred embodiment, is created as a single master database 208.

Access to the master category database 208 may be incorporated into the network device 100 in various ways, each of which is within the scope of this invention. For example, as noted previously, the category database 208 may be stored and updated in a database locally on a hard disk within the network device 100, using update disks periodically loaded onto the network device 100. Alternatively, the category database 208 may be provided to the network device using a protocol, such as the Simple Network Management Protocol (SNMP), which may use an agent running locally on the network device 100 to control network device configuration and database content from a remote network manager station, which can be controlled by a third party offering a subscription to periodic database updates. Thus, any organization implementing the present invention can merely receive a copy of the category/restricted destination database 208 for use with their system without having to be concerned with the installation of the data.

Since the Internet topology, IP addresses, server location, and the World Wide Web are all constantly changing and URL's, web servers, news sites, Multicast channels, and so forth are all being added and removed from networks such as the Internet on a daily basis, using this invention, one organization can keep the master category database 208 current and up to date, and each organization that uses the database 208 in conjunction with their own network device 100 can subscribe to, for example, a monthly update or subscription service. In this manner, using SNMP or an automated download service, for example, the database 208 may be distributed to the network devices 100 of all subscribing organizations for use, and each organization need not worry about keeping their category database 208 current with the current state of the world wide web. The entire update process may be done over either LAN 40 or WAN 45, without the need for sending physical disk media through the mail or postal service.

FIG. 2 shows the processing steps involved according to this invention to configure network device 100 with the access control database 208. Step 150 provides an automated network-walker whose function is to continually examine the world wide web, and any other accessible networked data servers, for new addresses, files, web sites, home pages, documents, Multicast channels, and so forth. The network-walker is an automated knowledge robot software process which continually surfs the web and examines Internet content providers to gather newly found URL's and IP addresses of web servers or other content providing computers.

For purposes of this explanation, the term URL, for Uniform Resource Locator, refers to the location of any type of content on a computer network, and not just to web pages or information obtained via HTTP. Thus, each time a new URL or address of a content server is obtained or discovered by the network-walker, step 151 checks to determine if the new URL is contained in any one of three databases. The first database is a URL queue database 152 that stores the new URLs in incoming order for processing by subsequent steps. If the new URL in step 151 is not in the URL queue database 152, an uncategorized URL database 153 is then checked. Database 153 holds URLs that must be categorized, as will be explained. If the new URL at step 151 is not in databases 152 or 153, the category/restricted destination database 208 is checked. If the new URL is in none of these databases 152, 153 or 208, step 151 places the new URL into the URL queue database 152.

Step 154 gets the next URL from queue database 152 and determines the network address (i.e., IP address) of the server (i.e., for example, one of web servers 54, 55 or 56 in FIG. 1) that provides the content of the URL, and determines any URL segments within this URL. A URL segment may be a sub-page, for example, that may exist below a home web page. For example, if the URL is www.xxx.com, a segment of this URL may be www.xxx.com/pornography/photos. Alternatively, in another example, if the URL represents a news server using NNTP to propagate news groups over a network, the URL may include the IP address of the news server and URL segments may represent individual news groups offered by that server. As another example, if the URL is the IP address representing a Multicast address of a channel of real time audio and/or video information, a URL segment may be represented by Multicast addresses of sub-channels within the domain of the IP Multicast address. Thus, if the network-walker detects new Multicast channels being broadcast on address 224.0.0.0, the network-walker may log 224.0.0.1, 224.0.0.2, and so forth as Multicast sub-channels or URL segments in this invention within queue database 152.

Step 154 also attempts to obtain a description of this URL by accessing, for example, the home page to which a web-page URL refers. A description of a home page, and hence its URL, may exist in the Hypertext Markup Language (HTML) that is used to actually create and format the data which comprises an actual web page. In an alternative example, in the case of a URL that is only an IP address or a Multicast address, other identification about the content server provider may be obtained, for example, by using the "whois" internet network information service or another similar protocol-based information service. "Whois" is a protocol that is used in conjunction with an IP address, by issuing, for example, the command "whois 224.0.0.011" and awaiting a response. A Multicast server that is properly configured typically returns an indication of who owns and administers the server machine at the specific IP address that is providing the content, as specified in the "whois" protocol, and also returns information concerning the IP Multicast address content. This description and information received is obtained and stored by step 154.

In the www.xxx.com example, step 154 may obtain, for example, a page or meta-description of the entire web site



06/05/2003, EAST Version: 1.03.0002 



US 6,233,618 B1


that may look something like "www.xxx.com is an adult oriented site supplying pornographic images to web browsers." In the Multicast example, whois may return "224.0.0.0 is an internet Multicast channel served from a SUN Workstation at XYZ Corporation and is dedicated to providing real-time audio and video information on religious activities." This description may be relevant for determining the category of the web site or content server, which in the first case is sexual material, and in the latter case is religious material.

Next, in step 155 the new URL and its associated data gathered in step 154 are placed into the uncategorized database 153 until the server, data stream or web site for this new URL can be examined for content by a person in order to precisely associate one or more categories with this URL.

In step 156, a person who assists in the creation and maintenance of the category/restricted destination database 208 reviews the next URL at the top of the list from the list of URL's in the uncategorized URL database 153. In step 156, the person may use, for example, a web browser to visit the actual web site specified by the URL, or may use a Multicast receiver application or a news reader application to view the data provided by the server specified in the current URL. While visiting the web page or examining or listening to or viewing the data provided from the server listed in the URL and that URL's associated URL segments, the person, in step 157, makes a determination about the content of the server (e.g., a web site) referenced by the URL and places that URL into at least one, and typically more than one, of the categories in the category/restricted destination database 208. Using the previous examples, the www.xxx.com web-site URL would be placed into the pornography or sexual material category and the religious Multicast channel would be placed into the religious category. Accordingly, at step 157, that server or web site or content provider and its associated pages, data streams, files, news groups, and so forth are now in the database 208 which can be used for access control. Finally, in step 158, the URL associated with the data is removed from the uncategorized database 153.

While not shown in FIG. 2, processing continually repeats itself, and many concurrent iterations of the processing steps 150 through 158 may be taking place at one time. Accordingly, there may be a number of different people in step 156 that have the job of reviewing and categorizing content provided by servers, web pages and web sites, IP addresses, Multicast addresses, news groups, public mail servers, etc. Moreover, the network-walker in step 150 is continuously obtaining new information about current content providers on the computer network, such as the Internet. These tasks, and the processing of FIG. 2, are typically performed by the service organization that provides the category database 208 to all of the subscribers who utilize this aspect of the present invention with their network device 100, in order to have up to date access control provided to their LAN 40.

In this manner, by processing the steps of FIG. 2, a very thorough category/restricted destination database 208 is created and maintained. The network-walker function in step 150 is constantly examining the network (i.e., the Internet, World Wide Web, etc.) for the latest URLs that come into existence, and they are then processed as described above.

It is to be understood that the processing steps in FIG. 2 are typically not performed by the network device 100, though the administrator of LAN 40, who may control network device 100, could, if he or she wanted to, perform the processing of FIG. 2 in order to add other URL's to database 208. However, in a preferred embodiment, network device 100 merely obtains access to databases 203, 204 which are locally configured during the setup of each network device 100. Database 208 is accessed locally, but is updated by downloading or automatically transferring (i.e., via an SNMP agent or FTP) the latest created version from a centralized location such as a provider of a subscription service to the database 208. Once each of the databases 203, 204 and 208 is downloaded and made available to the network device 100 on LAN 40, the network device 100 can then operate to provide access control of web pages and other types of content for users of the client computers 50-53 connected to LAN 40, according to the aforementioned aspects of the invention.

In operation of the access controlled network computer environment 30 according to the access control aspect of the invention, one or more client computers 50 through 53 are configured with standard web browsing or content accessing application software (not shown) such as, for example, the commonly known web browser produced by Netscape, Inc. entitled "Netscape Navigator" (TM), or Microsoft Corp.'s browser software entitled Microsoft Internet Explorer (TM). Another example of content accessing software is an Internet Radio program that joins a Multicast group in order to listen to real-time audio. The browser or content application software need not be modified or customized in any way for this invention to work properly. The clients, browsers and content applications need not actually be part of the invention, but rather, benefit from the invention's access control capabilities. The browsers or applications on each client computer 50 through 53 allow users to request pages or data or other information from server computers 54 through 56 on the Internet, while still being subject to access control provided by the network device and its configuration and databases provided by the invention.

As an example, for client 52 to request a web page from server 55, client 52 uses the Hyper-Text Transfer Protocol, which operates in conjunction with TCP/IP, to produce a packet of data (not shown in FIG. 1) that gets sent from the requesting client 52 onto the LAN 40 to be forwarded and received by server 55. In the invention, based on the contents of the packet sent from client 52, a determination may be made in network device 100 as to whether or not the request should be forwarded to WAN 45 and thus to server 55. As another example, if a client application desires to receive Multicast packets of Internet packet radio broadcasts, client 52 uses the Internet Group Messaging Protocol (IGMP) to produce a packet requesting to join a specific Multicast group. The IGMP request must pass through network device 100 in order to obtain Multicast Group access to a server supplying the Multicast data.

In order to explain how the network device 100 operates as an access control system for all data requests from client computers 50 through 53 on LAN 40, a brief explanation of network packet communications and content is needed. FIG. 3 shows a highly simplified example breakdown of the contents of a data packet 300 that carries a request for a web page from client 52 to a server 55. Access to a web page will be used in this description, but other content services using other protocols are applicable to this invention as well. Packet 300 contains fields 301 through 305. It is to be understood that packet 300 is highly simplified and does not reveal all of the fields or contents of packets typically used in data communications. Rather, the packet 300 illustrates only those fields needed to understand the concepts of this invention.
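The FIG. 2 pipeline described above, steps 151 through 158, as an added Python example that is not the patent's own code: the three-database check of step 151, the segment recording of step 154 and the human categorization of steps 156 to 158. The address lookup table, hostnames and descriptions are constructed stand-ins rather than live DNS or whois data.

```python
"""Added example, not the patent's own code: the FIG. 2 pipeline (steps
151-158) that builds the category/restricted destination database 208 with
a human reviewer in the loop.  Address resolution in step 154 is a
constructed lookup table rather than DNS, so the example runs offline."""
from collections import deque
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Constructed stand-in for the network address resolution of step 154.
RESOLVE = {"www.xxx.com": "203.0.113.10"}


@dataclass
class Entry:
    """What step 154 gathers for one URL, before and after categorization."""
    url: str
    ip: str
    description: str
    segments: list = field(default_factory=list)  # sub-pages, sub-channels, news groups
    categories: set = field(default_factory=set)  # filled in by the reviewer in step 157


@dataclass
class WalkerState:
    queue: deque = field(default_factory=deque)        # database 152: (url, parent)
    queued: set = field(default_factory=set)           # fast membership test for 152
    uncategorized: dict = field(default_factory=dict)  # database 153: url -> Entry
    categorized: dict = field(default_factory=dict)    # database 208: url -> Entry


def host_of(url: str) -> str:
    return urlsplit(url if "://" in url else "http://" + url).netloc


def discover(state: WalkerState, url: str, parent: Optional[str] = None) -> bool:
    """Step 151: a newly found URL is queued only if it is in none of
    databases 152, 153 or 208.  parent names the URL it was found beneath,
    e.g. 224.0.0.1 under 224.0.0.0, so it can later be recorded as a segment."""
    if url in state.queued or url in state.uncategorized or url in state.categorized:
        return False
    state.queue.append((url, parent))
    state.queued.add(url)
    return True


def process_next(state: WalkerState, description: str) -> Entry:
    """Steps 154-155: resolve the address, attach the gathered description,
    and park the result in database 153 until a person reviews it.  A URL
    found beneath an already known URL becomes a segment of that entry."""
    url, parent = state.queue.popleft()
    state.queued.discard(url)
    owner = state.uncategorized.get(parent) or state.categorized.get(parent)
    if owner is not None:
        owner.segments.append(url)
        return owner
    host = host_of(url)
    entry = Entry(url, RESOLVE.get(host, host), description)
    state.uncategorized[url] = entry
    return entry


def categorize(state: WalkerState, url: str, categories) -> Entry:
    """Steps 156-158: the reviewer assigns at least one category; the entry,
    together with its segments, moves from database 153 into database 208."""
    if not categories:
        raise ValueError("step 157 requires at least one category")
    entry = state.uncategorized.pop(url)
    entry.categories = set(categories)
    state.categorized[url] = entry
    return entry
```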
Packet 300 includes a beginning field 301 recognizable by network device 100 as the start of a packet, and an ending field 305 recognizable as the end of the packet. The source address field 302 indicates the source of the data packet, which is the network address of the client computer sending the request. Source address field 302 may contain, for example, IP and/or Media Access Control (MAC) addressing information. The destination address field 303 indicates the destination network address of a remote server computer that is to receive packet 300, and may contain IP and/or MAC layer addressing information. The data field 304 is used to transport the data or payload of the packet from the browser application (i.e., Netscape) on the client 52 to the web server software operating on the web server 55. In the example shown, the data field 304 contains the request in the form of a full Uniform Resource Locator (URL) for a web page. A URL serves as the indicator of the request from the client for a specific web page stored on one of the servers, and can be detected by network device 100.

As noted previously, to perform access control, packet information is compared against database information within network device 100. FIG. 4 shows the processing steps performed by network device 100 to perform access control according to this invention. Since network device 100 serves as a gateway, router, proxy server or other data transfer mechanism to the WAN 45 from the LAN 40, the network device 100 can also monitor the contents of outgoing packets traveling from LAN 40 to WAN 45 for such data as HTTP level request messages for URLs, such as an HTTP GET message. As noted previously, requests for other types of network data, such as news group requests, IGMP Multicast group join requests, FTP file transfer requests, and so forth may also be incorporated into the monitoring facilities of network device 100 in this invention. During this monitoring process, in step 200, the network device 100 receives and detects a packet containing, in this example, an HTTP request for a web page in the data field 304 of the packet. The detection can be done, for example, using an application programming interface (API) that allows the network device 100 to screen any selected packet field for information such as addresses and data in all outgoing packets. The network device 100, using an API provided, for example, by proxy server software running on the network device 100, can detect IP port, TCP socket and/or session numbers which packets are associated with as well. HTTP and most other network protocols typically associate themselves with either a port, socket, IP address, session number, or other unique identifier within TCP/IP, which is another way network device 100 can detect the presence of a packet containing a request for a web page, data file, audio or video stream, news group, file transfer, and so forth.

In the web access example, once a web page request is detected in a packet in step 201, the source address of the packet in field 302 is examined. The source address may be an IP address, a MAC address, or an IP address/username combination. Then, step 202 matches the source address and data with the group/source database 203 (i.e., Table 1) in order to determine the group in Table 1 to which the packet containing the HTTP request belongs. In other words, the packet came from one of clients 50 through 53. Hence, step 202 matches packet information to group information such as that shown in Table 1 in order to determine which client and/or user on LAN 40 is sending this particular web page request packet and determine what group that machine or machine/username combination is in within database 203.

Next, step 205 obtains the active categories for the group determined in step 202, by consulting the group/category database (i.e., Table 2). Thus, step 205 obtains a list of all of the categories which are to be consulted to see what restrictions are placed on the requested URL, IP address, or other content destination. That is, step 205 determines what groups can access what categories of content, and when. Note that the categories are referred to as active in that they are only selected for checking in step 205 if the current time of day falls within the times at which those categories are restricted for that group. [...] Only the categories active for the requesting group (i.e., the person requesting the page or data) are selected and all data that is associated with those categories for that person (i.e., that group) are restricted.

Step 206 then obtains the actual URL and the destination IP or other type of address from the data field 304 and the destination field 303, respectively, of the packet sent by the client. Step 208 then matches the IP address, the URL, or any segment of the URL against each category obtained in step 205 in the category/restricted destination database 208. In step 206 then, each category specified as being active for the group of the client requesting the web page or data is consulted to see if the requested page or data is listed in any of the URL or IP data associated with that category.

In step 209, if either the IP address, the URL or any segment of the URL matches any restricted destination information (i.e., columns 2, 3 or 4 of Table 3) for any of the categories obtained in step 205, then step 210 is executed which denies access to the requested web page, data, service or content requested in the packet received from the client at the network device 100. In other words, step 210 does not forward the packet on to the content server indicated in the destination field 303 of the packet if the client in the specific group was requesting a page or data or a service that existed in the category database 208 for one of the categories that was active for that group. Quite simply, the client was trying to access a restricted web site or URL or IP address or service and step 209 detects this information in one of the active categories in database 208 and step 209 can deny access.

If step 209 does detect an attempt at restricted access to a service, web site, data or other restricted content, step 214 is executed which uses the source address in field 302 of the packet 300 to send a return notification of denial to the user at the client computer requesting the restricted data. Step 215 may also be executed, which logs the illegal attempted request to a log file.

However, if step 209 determines that neither the IP address, the URL, nor any URL segments matched any of the restricted data for any of the active categories obtained in step 205, then step 211 allows the request to be forwarded to the content server through network device 100. In other words, the request was for legitimate non-restricted web pages, services, or data provided by a server on WAN 45. Once the request is received by the server to which it was destined, the server begins to return the requested data in the form of a web page, a file transfer, a news group, or other data.

Step 212 then begins to receive the web page or other content data packets and step 213, which may be optional, can filter the incoming data in the returned data packets for objectionable data, such as profanity occurring in the text of web pages or news groups or other objectionable content as may be defined. That is, content filtering may also be incorporated into the invention as data is returned from the servers. This is beneficial and overcomes the problems of the
prior art content filtering systems since in this invention, the content filtering can be centralized at the network device 100, rather than administering many separate clients that each contain their own content filtering database.
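The FIG. 4 decision flow, steps 200 through 215, as an added Python example (not code from the patent): Tables 1, 2 and 3 are constructed stand-ins, the source addresses, hostnames and time windows are made up, and treating a stored URL segment as a prefix match on a path boundary is an assumption about how the patent's segment matching would be implemented.

```python
"""Added example, not the patent's own code: the FIG. 4 access control
decision (steps 200-215) evaluated against constructed versions of
Table 1 (group/source), Table 2 (group/category with restricted hours)
and Table 3 (category/restricted destinations)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
from urllib.parse import urlsplit

# Table 1 (database 203): source in field 302 -> group.  Constructed values;
# a source may be an IP address or an IP/username combination, as the text allows.
GROUP_SOURCE = {
    "10.0.0.52": "students",
    "10.0.0.53/jsmith": "staff",
}
# Clients not yet listed fall into a default, highly restricted group.
DEFAULT_GROUP = "restricted"

# Table 2 (database 204): group -> {category: (start_hour, end_hour)}.
# A category is "active" for the group only inside its restricted window.
GROUP_CATEGORY = {
    "students": {"adult": (0, 24), "games": (8, 16)},
    "staff": {"adult": (0, 24)},
    "restricted": {"adult": (0, 24), "games": (0, 24), "multicast": (0, 24)},
}

# Table 3 (database 208): category -> restricted URLs/segments and IP ranges.
# www.xxx.com and 224.0.0.0 come from the text; games.example is constructed.
CATEGORY_DESTINATION = {
    "adult": {"urls": ["www.xxx.com"], "ips": []},
    "games": {"urls": ["games.example/arcade"], "ips": []},
    "multicast": {"urls": [], "ips": ["224.0.0.0/24"]},
}


@dataclass
class Packet:
    """The FIG. 3 fields the decision consults: 302, 303 and the URL in 304."""
    source: str
    dest_ip: str
    url: str


@dataclass
class Decision:
    allowed: bool
    group: str
    category: Optional[str] = None  # the active category that caused a denial


def normalize(url: str) -> str:
    """Drop the scheme and lower-case the host so that a stored segment such as
    www.xxx.com/pornography/photos compares against requests consistently."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return parts.netloc.lower() + parts.path.rstrip("/")


def url_matches(requested: str, restricted: str) -> bool:
    """Step 208: a restricted entry matches the full URL or any URL segment
    beneath it.  Assumption: segment matching is a prefix match on a path
    boundary, so www.xxx.com matches www.xxx.com/photos but not www.xxx.community."""
    req, res = normalize(requested), normalize(restricted)
    return req == res or req.startswith(res + "/")


def ip_matches(dest_ip: str, restricted_ips) -> bool:
    """Step 208 for the IP address in field 303, including Multicast ranges."""
    addr = ip_address(dest_ip)
    return any(addr in ip_network(r, strict=False) for r in restricted_ips)


def lookup_group(source: str) -> str:
    """Step 202: match field 302 against Table 1, defaulting unknown clients."""
    return GROUP_SOURCE.get(source, DEFAULT_GROUP)


def active_categories(group: str, hour: int) -> list:
    """Step 205: only the categories whose restricted window covers this hour."""
    return [cat for cat, (start, end) in GROUP_CATEGORY.get(group, {}).items()
            if start <= hour < end]


def decide(pkt: Packet, hour: int, log: list) -> Decision:
    """Steps 206-215: deny on the first active category that lists the
    destination (recording it, as step 215 does), otherwise forward."""
    group = lookup_group(pkt.source)
    for cat in active_categories(group, hour):
        dests = CATEGORY_DESTINATION[cat]
        if any(url_matches(pkt.url, u) for u in dests["urls"]) or \
                ip_matches(pkt.dest_ip, dests["ips"]):
            log.append(f"DENY src={pkt.source} group={group} category={cat} url={pkt.url}")
            return Decision(False, group, cat)
    return Decision(True, group)  # step 211: forward to the content server
```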

In this manner, the present invention provides a robust 
data access filtering system that provides access control 
based on users, categories and times of use and not purely 
on content of data being accessed. This is beneficial since 
content filtering alone often overlooks objectionable mate- 
rial such as pornographic images, which contain no words to 
content filter upon. 

Moreover, the present invention is centralized to offer ease of administration and configuration and is very flexible since times of day for restricted access may also be specified, if desired. By having a category database 208 that may be maintained offsite, by a third party for example, the invention allows the administrator to only have to worry about initial group/source configurations, and not worry about database maintenance. New client computers that suddenly appear or get installed on LAN 40, that are not yet listed in the group/source database, can be assigned a default group that has highly restricted access associated with it in this invention. In this manner, the invention can handle future LAN 40 client expansion without having to further configure the new clients for access control.

While this invention has been particularly shown and 
described with references to preferred embodiments thereof, 
it will be understood by those skilled in the art that various 
changes in form and details may be made therein without 
departing from the spirit and scope of the invention as 
defined by the appended claims. Those skilled in the art will 
recognize or be able to ascertain using no more than routine 
experimentation, many equivalents to the specific embodi- 
ments of the invention described specifically herein. Such 
equivalents are intended to be encompassed in the scope of 
the claims. 

What is claimed is: 

1. A network device for controlling access by clients on a 
private network to a data file stored at servers in a public 
network, the network device being interconnected between 
the private and public networks, the network device com- 
prising: 

a first interface receiving a request from a client on the 
private network to access a data file stored at servers on 
the public network; 

an access control processor coupled to the first interface, the
access control processor analyzing data in the request 
from the client and determining if the request should be 
forwarded to the public network for processing by a 
server to which it is destined, the determination being 
made by cross referencing resource identifier informa- 
tion in the request with access control data in at least 
one access control database, the access control data 
containing categorized resource identifier information,
the categorized resource identifier information speci- 
fying a content subject matter category to which the 
data file is assigned, and the categorized resource 
identifier information associated with each data file 
being assigned by prior human interpretation of the 
content in the data file, and then, as a result of such 
human interpretation, determining a subject matter 
category to which the data file is to be assigned, the data 
file stored at the servers on the public network; 

a second interface coupled between the first interface and 
the public network and coupled to the access control 
processor, the second interface forwarding the requests 
from the first interface to the servers on the public 
network if the access control processor determines the
request should be forwarded to the public network for 
processing by a server to which it is destined; and 
means permitting a network administrator of the public 
network to control the operation of the network device. 

2. The network device of claim 1, wherein the access 
control database is stored locally on a storage medium 
within the network device. 

3. The network device of claim 2, wherein the access 
control database is downloaded by a download process on 
the network device onto the storage medium from an access 
control server. 

4. The network device of claim 3, wherein the download 
process is automatically performed at regular intervals. 

5. The network device of claim 3, wherein the download 
process is a subscription service to which the network device 
must be registered with so that the download process can be 
performed. 

6. The network device of claim 1, wherein the access 
control database is stored remotely on at least one access 
control server on the private network and access to the 
access control data in the access control database by the 
network device is performed by accessing the access control 
server. 

7. The network device of claim 1, wherein the access 
control database is stored remotely on at least one access 
control server on the public network and access to the access 
control data in the access control database by the network 
device is performed by accessing the access control server. 

8. The network device of claim 6, wherein access to the 
access control data is a subscription service to which the 
network device must be registered with in order to be 
allowed access to the access control data. 

9. The network device of claim 1, wherein: 

the request includes a source designation and the resource 
identifier information specifies a destination of the 
request; 

the categorized resource identifier information in the 
access control data is categorized by associating pre- 
determined destinations to specific categories of con- 
tent; and 

the access control processor determines if the client 
making the request is associated with a category of 
content which contains a predetermined destination 
having a portion that is equal to the destination speci- 
fied in the resource identifier information of the 
request. 

10. The network device of claim 9, wherein the portion 
that is equal to the destination specified in the resource 
identifier information of the request is a segment of the 
resource identifier information.

11. The network device of claim 9, wherein the resource 
identifier information is an internet protocol address. 

12. The network device of claim 9, wherein categorized 
resource identifier information in the access control database 
is categorized by searching for uncategorized content pro- 
vided by servers located on the public network and present- 
ing the content of the data files to humans for evaluation and 
categorization, the categorized content being represented in 
the access control database by an identification of a location 
of the content on servers of the public network.

13. The network device of claim 12, wherein the uncat- 
egorized content provided by the servers on the public 
network is discovered by a network walker process which 
records new content destinations as they are discovered. 

14. The network device of claim 1, wherein: 

the request includes a source designation and the resource 
identifier information specifies a destination of the 
request and the at least one access control database
includes a group-source database and the access control 
processor, in determining if the request should be 
forwarded to the public network, matches the source 
designation of the request to the group-source database
to determine the group of the client making the request. 

15. The network device of claim 14, wherein: 

the at least one access control database further includes a 
group-category database and the access control 
processor, in determining if the request should be
forwarded to the public network, matches the group of 
the client making the request to at least one category to 
determine which categories of content may be accessed 
by that group. 

16. The network device of claim 14, wherein:

the at least one access control database further includes a

category-destination database and the access control 
processor, in determining if the request should be 
forwarded to the public network, attempts to match the 
destination specified in the resource identifier informa- 
tion to at least one resource identifier destination listed 
within categories in the category-destination database, 
and if a match is made, the access control processor 
denies access to the server to which the request is 
destined. 

17. The network device of claim 16, wherein the access 
control processor, in determining if the request should be 
forwarded to the public network, matches the group of the 
client making the request to at least one category having an 
associated block of allowed access times, to determine
which categories of content may be accessed by that group 
and at which times. 

18. A method for controlling access by clients of a private 
network to data files stored on servers connected in a public 
network, the method comprising the steps of: 

at a client computer connected to the public network, 

searching for uncategorized data files being stored on 
servers connected in the public network, the data 
files being available on demand;

presenting a view of each selected data file in human 
readable form on the client computer connected to 
the public network; 

permitting a human being to review the contents of 
each selected data file so presented;

determining a content rating for each data file in 
response to presenting the contents of the data file to 
a human being, the content rating being determined 
as a result of the human being assigning the data file 
to at least one content subject matter category; 
storing a uniform resource locator (URL) of each data
file together with the associated content subject 
matter categories in a category-destination database; 
at an access controller connected to the private 
network, 

downloading the category-destination database; 

receiving requests from client computers connected to 
the private network, the requests indicating data files 
stored on the servers of the public network; 

analyzing the data in each request against the data from 
the category-destination database; and 

determining whether to forward the request to a server 
of the public network for processing, the determina- 
tion being made based upon the content rating of the 
requested data file. 

19. The method of claim 18, wherein the step of analyzing 
the data in each request further comprises the steps of: 

examining a source of the request against a group-source 
database to determine a group associated with the client 
making the request; 

examining the group associated with the client making the 
request against a group-category database to determine 
the content ratings that the group may access; 

obtaining URL information from the request; and 

determining if the URL information has been assigned a 
content rating that the group may access, and if so, 
allowing the request, and if not, denying the request. 

20. The method of claim 18, further comprising the step 
of filtering contents of return data sent from servers on the 
public network in response to a request which is allowed. 

21. The method of claim 18, wherein the URL informa- 
tion is an Internet Protocol (IP) address. 

22. The method of claim 18, wherein the URL informa- 
tion is a world wide web page address. 

23. The method of claim 18, wherein the URL informa- 
tion is a portion of a world wide web page address. 

24. The method of claim 18, wherein the downloading is 
automatically performed at regular intervals. 

25. The method of claim 24, wherein the downloading is 
a subscription service to which the access controller must be 
registered so that the downloading can be performed. 

26. The method of claim 18, wherein the step of searching 
for new data files on the public network is performed by a 
network walker process. 

27. The method of claim 19, wherein the group-category 
database includes at least one group that is associated with 
different content ratings depending on the time of day of the 
request.






